CVE-2009-1149

Publication date 26 March 2009

Last updated 24 July 2024

Ubuntu priority

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
phpmyadmin	9.04 jaunty	Fixed 4:3.1.2-1ubuntu0.1
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
phpmyadmin	Upstream: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303

References

Other references

https://www.cve.org/CVERecord?id=CVE-2009-1149